aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net/sourceforge/jnlp/SecurityDesc.java
diff options
context:
space:
mode:
authorandrew <devnull@localhost>2010-10-19 17:55:59 +0100
committerandrew <devnull@localhost>2010-10-19 17:55:59 +0100
commit7603e948d7a0a7eb2e72358cb4a40ae6779f95da (patch)
treec6441f7d14eafe8119d890cddd09b05b8f88c52a /netx/net/sourceforge/jnlp/SecurityDesc.java
Initial import from IcedTea6.
2010-10-19 Andrew John Hughes <[email protected]> * .hgignore, * Makefile.am, * acinclude.m4, * autogen.sh, * configure.ac, * extra/net/sourceforge/jnlp/about/HTMLPanel.java, * extra/net/sourceforge/jnlp/about/Main.java, * extra/net/sourceforge/jnlp/about/resources/about.html, * extra/net/sourceforge/jnlp/about/resources/applications.html, * extra/net/sourceforge/jnlp/about/resources/notes.html, * javac.in, * javaws.desktop: Imported from IcedTea6. * launcher/java.c, * launcher/java.h, * launcher/java_md.c, * launcher/java_md.h, * launcher/jli_util.h, * launcher/jni.h, * launcher/jvm.h, * launcher/jvm_md.h, * launcher/manifest_info.h, * launcher/splashscreen.h, * launcher/splashscreen_stubs.c, * launcher/version_comp.h, * launcher/wildcard.h: Imported from OpenJDK. * netx/javaws.1, * netx/javax/jnlp/BasicService.java, * netx/javax/jnlp/ClipboardService.java, * netx/javax/jnlp/DownloadService.java, * netx/javax/jnlp/DownloadServiceListener.java, * netx/javax/jnlp/ExtendedService.java, * netx/javax/jnlp/ExtensionInstallerService.java, * netx/javax/jnlp/FileContents.java, * netx/javax/jnlp/FileOpenService.java, * netx/javax/jnlp/FileSaveService.java, * netx/javax/jnlp/JNLPRandomAccessFile.java, * netx/javax/jnlp/PersistenceService.java, * netx/javax/jnlp/PrintService.java, * netx/javax/jnlp/ServiceManager.java, * netx/javax/jnlp/ServiceManagerStub.java, * netx/javax/jnlp/SingleInstanceListener.java, * netx/javax/jnlp/SingleInstanceService.java, * netx/javax/jnlp/UnavailableServiceException.java, * netx/net/sourceforge/jnlp/AppletDesc.java, * netx/net/sourceforge/jnlp/ApplicationDesc.java, * netx/net/sourceforge/jnlp/AssociationDesc.java, * netx/net/sourceforge/jnlp/ComponentDesc.java, * netx/net/sourceforge/jnlp/DefaultLaunchHandler.java, * netx/net/sourceforge/jnlp/ExtensionDesc.java, * netx/net/sourceforge/jnlp/IconDesc.java, * netx/net/sourceforge/jnlp/InformationDesc.java, * netx/net/sourceforge/jnlp/InstallerDesc.java, * netx/net/sourceforge/jnlp/JARDesc.java, * netx/net/sourceforge/jnlp/JNLPFile.java, * netx/net/sourceforge/jnlp/JNLPSplashScreen.java, * netx/net/sourceforge/jnlp/JREDesc.java, * netx/net/sourceforge/jnlp/LaunchException.java, * netx/net/sourceforge/jnlp/LaunchHandler.java, * netx/net/sourceforge/jnlp/Launcher.java, * netx/net/sourceforge/jnlp/MenuDesc.java, * netx/net/sourceforge/jnlp/NetxPanel.java, * netx/net/sourceforge/jnlp/Node.java, * netx/net/sourceforge/jnlp/PackageDesc.java, * netx/net/sourceforge/jnlp/ParseException.java, * netx/net/sourceforge/jnlp/Parser.java, * netx/net/sourceforge/jnlp/PluginBridge.java, * netx/net/sourceforge/jnlp/PropertyDesc.java, * netx/net/sourceforge/jnlp/RelatedContentDesc.java, * netx/net/sourceforge/jnlp/ResourcesDesc.java, * netx/net/sourceforge/jnlp/SecurityDesc.java, * netx/net/sourceforge/jnlp/ShortcutDesc.java, * netx/net/sourceforge/jnlp/StreamEater.java, * netx/net/sourceforge/jnlp/UpdateDesc.java, * netx/net/sourceforge/jnlp/Version.java, * netx/net/sourceforge/jnlp/cache/CacheEntry.java, * netx/net/sourceforge/jnlp/cache/CacheUtil.java, * netx/net/sourceforge/jnlp/cache/DefaultDownloadIndicator.java, * netx/net/sourceforge/jnlp/cache/DownloadIndicator.java, * netx/net/sourceforge/jnlp/cache/Resource.java, * netx/net/sourceforge/jnlp/cache/ResourceTracker.java, * netx/net/sourceforge/jnlp/cache/UpdatePolicy.java, * netx/net/sourceforge/jnlp/cache/package.html, * netx/net/sourceforge/jnlp/event/ApplicationEvent.java, * netx/net/sourceforge/jnlp/event/ApplicationListener.java, * netx/net/sourceforge/jnlp/event/DownloadEvent.java, * netx/net/sourceforge/jnlp/event/DownloadListener.java, * netx/net/sourceforge/jnlp/event/package.html, * netx/net/sourceforge/jnlp/package.html, * netx/net/sourceforge/jnlp/resources/Manifest.mf, * netx/net/sourceforge/jnlp/resources/Messages.properties, * netx/net/sourceforge/jnlp/resources/about.jnlp, * netx/net/sourceforge/jnlp/resources/default.jnlp, * netx/net/sourceforge/jnlp/runtime/AppThreadGroup.java, * netx/net/sourceforge/jnlp/runtime/AppletAudioClip.java, * netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java, * netx/net/sourceforge/jnlp/runtime/AppletInstance.java, * netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java, * netx/net/sourceforge/jnlp/runtime/Boot.java, * netx/net/sourceforge/jnlp/runtime/Boot13.java, * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java, * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java, * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java, * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java, * netx/net/sourceforge/jnlp/runtime/package.html, * netx/net/sourceforge/jnlp/security/AccessWarningPane.java, * netx/net/sourceforge/jnlp/security/AppletWarningPane.java, * netx/net/sourceforge/jnlp/security/CertVerifier.java, * netx/net/sourceforge/jnlp/security/CertWarningPane.java, * netx/net/sourceforge/jnlp/security/CertsInfoPane.java, * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java, * netx/net/sourceforge/jnlp/security/MoreInfoPane.java, * netx/net/sourceforge/jnlp/security/NotAllSignedWarningPane.java, * netx/net/sourceforge/jnlp/security/SecurityDialogPanel.java, * netx/net/sourceforge/jnlp/security/SecurityUtil.java, * netx/net/sourceforge/jnlp/security/SecurityWarningDialog.java, * netx/net/sourceforge/jnlp/security/SingleCertInfoPane.java, * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java, * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java, * netx/net/sourceforge/jnlp/security/viewer/CertificateViewer.java, * netx/net/sourceforge/jnlp/services/ExtendedSingleInstanceService.java, * netx/net/sourceforge/jnlp/services/InstanceExistsException.java, * netx/net/sourceforge/jnlp/services/ServiceUtil.java, * netx/net/sourceforge/jnlp/services/SingleInstanceLock.java, * netx/net/sourceforge/jnlp/services/XBasicService.java, * netx/net/sourceforge/jnlp/services/XClipboardService.java, * netx/net/sourceforge/jnlp/services/XDownloadService.java, * netx/net/sourceforge/jnlp/services/XExtendedService.java, * netx/net/sourceforge/jnlp/services/XExtensionInstallerService.java, * netx/net/sourceforge/jnlp/services/XFileContents.java, * netx/net/sourceforge/jnlp/services/XFileOpenService.java, * netx/net/sourceforge/jnlp/services/XFileSaveService.java, * netx/net/sourceforge/jnlp/services/XJNLPRandomAccessFile.java, * netx/net/sourceforge/jnlp/services/XPersistenceService.java, * netx/net/sourceforge/jnlp/services/XPrintService.java, * netx/net/sourceforge/jnlp/services/XServiceManagerStub.java, * netx/net/sourceforge/jnlp/services/XSingleInstanceService.java, * netx/net/sourceforge/jnlp/services/package.html, * netx/net/sourceforge/jnlp/tools/CharacterEncoder.java, * netx/net/sourceforge/jnlp/tools/HexDumpEncoder.java, * netx/net/sourceforge/jnlp/tools/JarRunner.java, * netx/net/sourceforge/jnlp/tools/JarSigner.java, * netx/net/sourceforge/jnlp/tools/JarSignerResources.java, * netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java, * netx/net/sourceforge/jnlp/tools/KeyTool.java, * netx/net/sourceforge/jnlp/util/FileUtils.java, * netx/net/sourceforge/jnlp/util/PropertiesFile.java, * netx/net/sourceforge/jnlp/util/Reflect.java, * netx/net/sourceforge/jnlp/util/WeakList.java, * netx/net/sourceforge/jnlp/util/XDesktopEntry.java, * netx/net/sourceforge/nanoxml/XMLElement.java, * netx/net/sourceforge/nanoxml/XMLParseException.java, * plugin/icedteanp/IcedTeaJavaRequestProcessor.cc, * plugin/icedteanp/IcedTeaJavaRequestProcessor.h, * plugin/icedteanp/IcedTeaNPPlugin.cc, * plugin/icedteanp/IcedTeaNPPlugin.h, * plugin/icedteanp/IcedTeaPluginRequestProcessor.cc, * plugin/icedteanp/IcedTeaPluginRequestProcessor.h, * plugin/icedteanp/IcedTeaPluginUtils.cc, * plugin/icedteanp/IcedTeaPluginUtils.h, * plugin/icedteanp/IcedTeaRunnable.cc, * plugin/icedteanp/IcedTeaRunnable.h, * plugin/icedteanp/IcedTeaScriptablePluginObject.cc, * plugin/icedteanp/IcedTeaScriptablePluginObject.h, * plugin/icedteanp/java/netscape/javascript/JSException.java, * plugin/icedteanp/java/netscape/javascript/JSObject.java, * plugin/icedteanp/java/netscape/javascript/JSObjectCreatePermission.java, * plugin/icedteanp/java/netscape/javascript/JSProxy.java, * plugin/icedteanp/java/netscape/javascript/JSRunnable.java, * plugin/icedteanp/java/netscape/javascript/JSUtil.java, * plugin/icedteanp/java/netscape/security/ForbiddenTargetException.java, * plugin/icedteanp/java/sun/applet/AppletSecurityContextManager.java, * plugin/icedteanp/java/sun/applet/GetMemberPluginCallRequest.java, * plugin/icedteanp/java/sun/applet/GetWindowPluginCallRequest.java, * plugin/icedteanp/java/sun/applet/JavaConsole.java, * plugin/icedteanp/java/sun/applet/MethodOverloadResolver.java, * plugin/icedteanp/java/sun/applet/PasswordAuthenticationDialog.java, * plugin/icedteanp/java/sun/applet/PluginAppletSecurityContext.java, * plugin/icedteanp/java/sun/applet/PluginAppletViewer.java, * plugin/icedteanp/java/sun/applet/PluginCallRequest.java, * plugin/icedteanp/java/sun/applet/PluginCallRequestFactory.java, * plugin/icedteanp/java/sun/applet/PluginClassLoader.java, * plugin/icedteanp/java/sun/applet/PluginCookieInfoRequest.java, * plugin/icedteanp/java/sun/applet/PluginCookieManager.java, * plugin/icedteanp/java/sun/applet/PluginDebug.java, * plugin/icedteanp/java/sun/applet/PluginException.java, * plugin/icedteanp/java/sun/applet/PluginMain.java, * plugin/icedteanp/java/sun/applet/PluginMessageConsumer.java, * plugin/icedteanp/java/sun/applet/PluginMessageHandlerWorker.java, * plugin/icedteanp/java/sun/applet/PluginObjectStore.java, * plugin/icedteanp/java/sun/applet/PluginProxyInfoRequest.java, * plugin/icedteanp/java/sun/applet/PluginProxySelector.java, * plugin/icedteanp/java/sun/applet/PluginStreamHandler.java, * plugin/icedteanp/java/sun/applet/RequestQueue.java, * plugin/icedteanp/java/sun/applet/TestEnv.java, * plugin/icedteanp/java/sun/applet/VoidPluginCallRequest.java, * plugin/tests/LiveConnect/DummyObject.java, * plugin/tests/LiveConnect/OverloadTestHelper1.java, * plugin/tests/LiveConnect/OverloadTestHelper2.java, * plugin/tests/LiveConnect/OverloadTestHelper3.java, * plugin/tests/LiveConnect/PluginTest.java, * plugin/tests/LiveConnect/build, * plugin/tests/LiveConnect/common.js, * plugin/tests/LiveConnect/index.html, * plugin/tests/LiveConnect/jjs_eval_test.js, * plugin/tests/LiveConnect/jjs_func_parameters_tests.js, * plugin/tests/LiveConnect/jjs_func_rettype_tests.js, * plugin/tests/LiveConnect/jjs_get_tests.js, * plugin/tests/LiveConnect/jjs_set_tests.js, * plugin/tests/LiveConnect/jsj_func_overload_tests.js, * plugin/tests/LiveConnect/jsj_func_parameters_tests.js, * plugin/tests/LiveConnect/jsj_func_rettype_tests.js, * plugin/tests/LiveConnect/jsj_get_tests.js, * plugin/tests/LiveConnect/jsj_set_tests.js, * plugin/tests/LiveConnect/jsj_type_casting_tests.js, * plugin/tests/LiveConnect/jsj_type_conversion_tests.js: Initial import from IcedTea6. * AUTHORS, * COPYING * INSTALL, * NEWS, * README: New documentation.
Diffstat (limited to 'netx/net/sourceforge/jnlp/SecurityDesc.java')
-rw-r--r--netx/net/sourceforge/jnlp/SecurityDesc.java201
1 files changed, 201 insertions, 0 deletions
diff --git a/netx/net/sourceforge/jnlp/SecurityDesc.java b/netx/net/sourceforge/jnlp/SecurityDesc.java
new file mode 100644
index 0000000..d2ccde6
--- /dev/null
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java
@@ -0,0 +1,201 @@
+// Copyright (C) 2001-2003 Jon A. Maxwell (JAM)
+//
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation; either
+// version 2.1 of the License, or (at your option) any later version.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+package net.sourceforge.jnlp;
+
+import java.io.*;
+import java.net.*;
+import java.util.*;
+import java.security.*;
+import java.awt.AWTPermission;
+
+/**
+ * The security element.
+ *
+ * @author <a href="mailto:[email protected]">Jon A. Maxwell (JAM)</a> - initial author
+ * @version $Revision: 1.7 $
+ */
+public class SecurityDesc {
+
+ /*
+ * We do not verify security here, the classloader deals with security
+ */
+
+ /** All permissions. */
+ public static final Object ALL_PERMISSIONS = "All";
+
+ /** Applet permissions. */
+ public static final Object SANDBOX_PERMISSIONS = "Sandbox";
+
+ /** J2EE permissions. */
+ public static final Object J2EE_PERMISSIONS = "J2SE";
+
+ /** permissions type */
+ private Object type;
+
+ /** the download host */
+ private String downloadHost;
+
+ /** the JNLP file */
+ private JNLPFile file;
+
+ // We go by the rules here:
+ // http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
+
+ // Since this is security sensitive, take a conservative approach:
+ // Allow only what is specifically allowed, and deny everything else
+
+ /** basic permissions for restricted mode */
+ private static Permission j2eePermissions[] = {
+ new AWTPermission("accessClipboard"),
+ // disabled because we can't at this time prevent an
+ // application from accessing other applications' event
+ // queues, or even prevent access to security dialog queues.
+ //
+ // new AWTPermission("accessEventQueue"),
+ new AWTPermission("showWindowWithoutWarningBanner"),
+ new RuntimePermission("exitVM"),
+ new RuntimePermission("loadLibrary"),
+ new RuntimePermission("queuePrintJob"),
+ new SocketPermission("*", "connect"),
+ new SocketPermission("localhost:1024-", "accept, listen"),
+ new FilePermission("*", "read, write"),
+ new PropertyPermission("*", "read"),
+ };
+
+ /** basic permissions for restricted mode */
+ private static Permission sandboxPermissions[] = {
+ new SocketPermission("localhost:1024-", "listen"),
+ // new SocketPermission("<DownloadHost>", "connect, accept"), // added by code
+ new PropertyPermission("java.version", "read"),
+ new PropertyPermission("java.vendor", "read"),
+ new PropertyPermission("java.vendor.url", "read"),
+ new PropertyPermission("java.class.version", "read"),
+ new PropertyPermission("os.name", "read"),
+ new PropertyPermission("os.version", "read"),
+ new PropertyPermission("os.arch", "read"),
+ new PropertyPermission("file.separator", "read"),
+ new PropertyPermission("path.separator", "read"),
+ new PropertyPermission("line.separator", "read"),
+ new PropertyPermission("java.specification.version", "read"),
+ new PropertyPermission("java.specification.vendor", "read"),
+ new PropertyPermission("java.specification.name", "read"),
+ new PropertyPermission("java.vm.specification.vendor", "read"),
+ new PropertyPermission("java.vm.specification.name", "read"),
+ new PropertyPermission("java.vm.version", "read"),
+ new PropertyPermission("java.vm.vendor", "read"),
+ new PropertyPermission("java.vm.name", "read"),
+ new PropertyPermission("javawebstart.version", "read"),
+ new PropertyPermission("javaplugin.*", "read"),
+ new PropertyPermission("jnlp.*", "read,write"),
+ new PropertyPermission("javaws.*", "read,write"),
+ new RuntimePermission("exitVM"),
+ new RuntimePermission("stopThread"),
+ new AWTPermission("showWindowWithoutWarningBanner"),
+ // disabled because we can't at this time prevent an
+ // application from accessing other applications' event
+ // queues, or even prevent access to security dialog queues.
+ //
+ // new AWTPermission("accessEventQueue"),
+ };
+
+ /** basic permissions for restricted mode */
+ private static Permission jnlpRIAPermissions[] = {
+ new PropertyPermission("awt.useSystemAAFontSettings", "read,write"),
+ new PropertyPermission("http.agent", "read,write"),
+ new PropertyPermission("http.keepAlive", "read,write"),
+ new PropertyPermission("java.awt.syncLWRequests", "read,write"),
+ new PropertyPermission("java.awt.Window.locationByPlatform", "read,write"),
+ new PropertyPermission("javaws.cfg.jauthenticator", "read,write"),
+ new PropertyPermission("javax.swing.defaultlf", "read,write"),
+ new PropertyPermission("sun.awt.noerasebackground", "read,write"),
+ new PropertyPermission("sun.awt.erasebackgroundonresize", "read,write"),
+ new PropertyPermission("sun.java2d.d3d", "read,write"),
+ new PropertyPermission("sun.java2d.dpiaware", "read,write"),
+ new PropertyPermission("sun.java2d.noddraw", "read,write"),
+ new PropertyPermission("sun.java2d.opengl", "read,write"),
+ new PropertyPermission("swing.boldMetal", "read,write"),
+ new PropertyPermission("swing.metalTheme", "read,write"),
+ new PropertyPermission("swing.noxp", "read,write"),
+ new PropertyPermission("swing.useSystemFontSettings", "read,write"),
+ };
+
+ /**
+ * Create a security descriptor.
+ *
+ * @param file the JNLP file
+ * @param type the type of security
+ * @param downloadHost the download host (can always connect to)
+ */
+ public SecurityDesc(JNLPFile file, Object type, String downloadHost) {
+ this.file = file;
+ this.type = type;
+ this.downloadHost = downloadHost;
+ }
+
+ /**
+ * Returns the permissions type, one of: ALL_PERMISSIONS,
+ * SANDBOX_PERMISSIONS, J2EE_PERMISSIONS.
+ */
+ public Object getSecurityType() {
+ return type;
+ }
+
+ /**
+ * Returns a PermissionCollection containing the basic
+ * permissions granted depending on the security type.
+ */
+ public PermissionCollection getPermissions() {
+ PermissionCollection permissions = getSandBoxPermissions();
+
+ // discard sandbox, give all
+ if (type == ALL_PERMISSIONS) {
+ permissions = new Permissions();
+ permissions.add(new AllPermission());
+ return permissions;
+ }
+
+ // add j2ee to sandbox if needed
+ if (type == J2EE_PERMISSIONS)
+ for (int i=0; i < j2eePermissions.length; i++)
+ permissions.add(j2eePermissions[i]);
+
+ return permissions;
+ }
+
+ /**
+ * Returns a PermissionCollection containing the sandbox permissions
+ */
+ public PermissionCollection getSandBoxPermissions() {
+
+ Permissions permissions = new Permissions();
+
+ for (int i=0; i < sandboxPermissions.length; i++)
+ permissions.add(sandboxPermissions[i]);
+
+ if (file.isApplication())
+ for (int i=0; i < jnlpRIAPermissions.length; i++)
+ permissions.add(jnlpRIAPermissions[i]);
+
+ if (downloadHost != null)
+ permissions.add(new SocketPermission(downloadHost,
+ "connect, accept"));
+
+ return permissions;
+ }
+
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-19 14:07:48 +0000